`

• name: Install ADCS with sub features and management tools
  win_feature:
  name: Adcs-Cert-Authority
  state: present
  include_management_tools: yes
  register: win_feature

• name: reboot if installing Adcs-Cert-Authority feature requires it
  win_reboot:
  when: win_feature.reboot_required

• name: Add ActiveDirectoryCSDsc
  win_psmodule:
  name: ActiveDirectoryCSDsc
  state: present

• name: Configure AdcsCertificationAuthority Powershell DSC
  win_dsc:
  resource_name: AdcsCertificationAuthority
  IsSingleInstance: ‘Yes’
  CAType: ‘EnterpriseRootCA’
  CryptoProviderName: ‘RSA#Microsoft Software Key Storage Provider’
  KeyLength: 2048
  HashAlgorithmName: ‘SHA256’
  ValidityPeriod: ‘Years’
  ValidityPeriodUnits: 99
  PsDscRunAsCredential_username: ’ {{ ansible_user }}’
  PsDscRunAsCredentual_password: ‘{{ ansible_password }}’

`

`
TASK [internal/qa_env_dc : Configure AdcsCertificationAuthority Powershell DSC] *************************************************************************************************************************************************************
fatal: [10.0.136.5]: FAILED! => {“changed”: false, “module_stderr”: “Exception calling "Run" with "1" argument(s): "Exception calling "Invoke" with "0" argument(s): "The running command \r\nstopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Cannot bind \r\nargument to parameter ‘String’ because it is null.""\r\nAt line:65 char:5\r\n+ $output = $entrypoint.Run($payload)\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : NotSpecified: ( , ParentContainsErrorRecordException\r\n + FullyQualifiedErrorId : ScriptMethodRuntimeException\r\n \r\n”, “module_stdout”: “”, “msg”: “MODULE FAILURE”, “rc”: 1}

`

Im really just trying to re-create this powershell snippet I have been using.

`

Configure ADCS LDAP Over SSL

Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType EnterpriseRootCa -CryptoProviderName “RSA#Microsoft Software Key Storage Provider” -KeyLength 2048 -HashAlgorithmName SHA256 -ValidityPeriod Years -ValidityPeriodUnits 99 -Credential $mycreds -Force:$true

`

Im not really sure how to troubleshoot that error coming back to me.

I agree the error message is not the nicest, there’s some work we can do to try and clean it up but basically this is the standard error we get after an unhandled exception is throw. Best practice is to get rid of everything up the “ErrorActionPreference” line which leads you with

`
Cannot bind
argument to parameter ‘String’ because it is null.""
At line:65 char:5

• $output = $entrypoint.Run($payload)
• CategoryInfo : NotSpecified: ( , ParentContainsErrorRecordException
• FullyQualifiedErrorId : ScriptMethodRuntimeException
  `

The location is a bit of a misnomer due to the way we run the modules but basically it is saying a DSC parameter that expects a value is getting $null instead and failing. Looking very briefly at the docs for ``AdcsCertificationAuthority here https://github.com/PowerShell/ActiveDirectoryCSDsc/blob/dev/DSCResources/MSFT_AdcsCertificationAuthority/MSFT_AdcsCertificationAuthority.schema.mof. You can the following fields are required;

• CAType
• Credential
I can see you have defined the CAType but Credential is not. It sounds like instead of running the DSC resource as your ansible user, use the Credential_username/Credential_password itself.

Thanks

Jordan

Isn’t that what the ps run as credentials are? To replace the credential parameter?

They are/can be different, PsDscRunAsCredential is used to tell DSC what user to run the process as, other credential objects may be used for a special process by the module itself. One is read by DSC while the other is read by the DSC resource. They may achieve similar things but the scope of each are different. Also, there’s a typo in your PsDscRunAsCredential example, not sure if that’s the same in your actual task.

Thanks

Jordan